Saturday, April 27, 2013

Response to Huffington Post - Fines for Hacked Social Media Accounts

The Huffington Post recently released an article calling for companies to face fines for having their social media accounts compromised. The Associated Press recently had its Twitter account compromised, which caused a small dip in the market after the account tweeted, "Two Explosions in the White House and Barack Obama is injured".

In the wake of a brief stock market crash
caused by hackers sending out a false tweet from the Associated Press'
Twitter account, companies who fail to secure their social media
accounts from hackers should face fines, one federal regulator told The
Huffington Post.

What makes them and Bart Chilton, a commissioner with the Commodity Futures Trading Commission, think adding more regulation is going to fix anything? Haven't they learned that regulations and compliance don't equate to security? All this does is allow them to seek vengeance for lost money, because Wall Street and stock brokers are all trying to be the first to make a trade in a cut-throat community.

Chilton said he asked the agency's lawyers to review whether a company
whose Twitter account gets hacked is violating a law that bars it from
"providing misleading information or recklessly allowing information to
come out."

Before Mr. Chilton starts making blanket statements about how to fix the cyber community, he should get a better understanding of how these compromises actually work. Cross Site Scripting (XSS) and Cross Site Request Forgery (CSRF) attacks, as well as a plethora of other attacks, make social media credentials something easily obtained by a persistent attacker.

Before we start trying to fix a broken system with more fines and regulations, let's look at the cause of the issue to begin with. Wall Street and stock brokers shouldn't take everything they read on the internet as gospel. In this digital age, with all the advances of trading in the stock market, if a simple tweet can bring down our economy, we have more to worry about than hackers.